Recon 2011 (a late retrospective)

Posted on November 28, 2011 by


In July 2011, Beans gave a talk at ReCon in Montreal, CA entitled “Hardware Hacking for Software People“. This year ReCon broke away from its more humble conference venue roots, took corporate sponsorship, and upgraded the venue to a MUCH nicer hotel. (After last year’s debacles, I think Hugo and Dave decided it was just time to bite the bullet.) Anyway, it was a great time. As usual, this conference remains one of our favorites.

Why we’ve been away:

This post is long overdue. Our apologies. We’ve been head-down focusing on research (mostly around embedded devices and mobiles) and in the upcoming year plan to debut tools, talks, and comprehensive training on ARM Exploitation.

The materials focus on and teach about advanced exploitation topics (circumventing ASLR, XN, stack cookies, etc.) using Linux as a basis to learn the ARM architecture but with obvious applications for embedded devices and mobiles. Students (with some previous exploitation experience) go from knowing nothing about ARM to exploiting custom heap implementations using their own hand-built ROP connect-back-shell payloads. The course is:

  • 600+ slides
  • 17 lab exercises (from simple stack up through advanced heap exploitation and ‘application-specific’ exploitation)
  • 3 “CTF” style exploitation challenges
  • 80+ page lab manual (comprehensive notes including: architecture quick reference, ARM GDB and IDA ‘gotchas’)
  • neat ARM-specific exploitation techniques
  • Many useful tools including a library of 30+ ARM ROP gadgets for use with the exercises (with several lab units focused on techniques for finding and building ROP libraries from scratch for specific targets).

All of this from a “use only what is on the box” approach. We want people to understand the core concepts so no relying on other people’s IDA plugins, debugger helpers (like DEPLIB), or anyone else’s shellcode. You have to do it all and we show you how. We haven’t seen anything like our materials circulated publicly so we are really really excited to be releasing all of the details in the coming weeks.

Anyway, our ReCon 2o11 talk is embedded below and is also available (along with more detail) in the “Hardware Hacking for Software People”  blogpost. All of the photos from our visit to ReCon 2011 are here. Stay tuned for more on the ARM stuff…